This will be preaching to the choir for some readers, as you didn't exactly need another reason not to use Windows right? Microsoft's new Recall AI will take screenshots of everything you do and that sounds truly terrible. Spyware as a service, courtesy of Microsoft's push to stick AI into everything.
You might think I'm being perhaps a bit sensational here or even clickbaity, but no, this is actually genuinely what Recall does. As Microsoft said: "Recall uses Copilot+ PC advanced processing capabilities to take images of your active screen every few seconds", and not only just on their new ARM PCs, they said it will roll out to x86 platforms too via a Windows update.
What's the point? It's to give you a special timeline of your day (it stores up to 3 months worth of what you do), allowing you to go back through it and find things, highlight things, open the original application shown in pictures and eventually open up whatever you were working on in the right application with the right content at the time. Basically, some fancy-pants AI search going over everything you've done.
Microsoft do say the storage is local to your device, and is "protected using data encryption on your device" and even using BitLocker if you're on Windows 11 Pro or an enterprise Windows 11 SKU. Microsoft also claim it doesn't share it anywhere else, at all, no advertisers or Microsoft themselves. But, how far do we trust data being fed into a black-box AI that no one can really see what it's doing huh?
Here's the thing: straight from their own FAQ (scroll down) it notes how "Recall does not perform content moderation" and it will "not hide information such as passwords or financial account numbers". Oh wow, that sure sounds good for your privacy doesn't it. But don't worry it "does not take snapshots of certain kinds of content, including InPrivate web browsing sessions in Microsoft Edge" and "material protected with digital rights management (DRM)" is also protected. We can't have Netflix or Disney getting annoyed with it taking a shot of that movie you watched, nope.
I'm not even what you may call a "privacy nut". I use big-name stuff all the time, my main browser is plain ol' Google Chrome and you get the idea. But still, this is super weird.
What happens if someone else gets access to your device? Lost, stolen, sold (and you forgot to wipe) and so on. If you get hacked, they'll end up seeing everything, it's another major attack point. Yeah great it's stored on your device, but people and companies get broken open all the time, malicious orgs will have a real party with your data. There's plenty of other times people may end up with access to your device to think about, I'm not going to list them all of course.
You can hear Microsoft CEO Satya Nadella speak about it to The Wall Street Journal, skip to 3:23:
Direct Link
No thanks. I'll pass, forever. I never want this. It feels creepy and gross.
The UK's Information Commissioner's Office (ICO) is already looking into it. No doubt others will be too. A privacy nightmare for everyone.
If you wish to try Linux, I can recommend Kubuntu which is my daily-driver.
Article taken from GamingOnLinux.com.
Quoting: whateverI'm absolutely 100% sure people will keep using Windows regardless, like everybody keeps using Chrome, despite all we know about Google and how they spy on their users ¯\_(ツ)_/¯Well, maybe, but somehow this feels more personal. I mean, I'm not going to predict that Windows market share will drop to 5% tomorrow as the news hits or anything, but I wouldn't be surprised if this caused a trickle of people leaving.
Quoting: pleasereadthemanualQuoting: LoudTechieWhat mcirosoft didn't disclose with their TPM requirement is that breaking bitlocker of the TPM they required at first(hardware based) is so easy that a teacher suggested it as a project in my first year of embedded software engineering. This is the relevant trick..Huh. That's pretty interesting. I guess the real professionals might have a suitcase full of these pogo pin sniffers for common laptop models, ready to disassemble the laptop at a moment's notice.
Doesn't work for fTPM, but that only got allowed when it turned out that gamers with game pcs can be very loud.
My desktop computer from 2017 has fTPM. Let me check if my Dell business laptop from 2022, which came with Windows 11, has fTPM.
<Rebooting>...
Edit:I have no clue. It doesn't tell me in the BIOS whether I have a fTPM, it just has the option to enable Secure Boot.
If you can't enable/disable your TPM in the BIOS you've no fTPM. If you can you do.(f stands for firmware)
EDIT:
This probably means you've hardware TPM for such a modern device.
Rant:
For some reason the advised practice in the security community is that for drm like activities dedicated hardware is most effective, but as far as I've encountered so far this is complete and utter bull.
Nintendo did and does it and failed.
Intel doesn't and succeeds(Intel ME)
By binding it to existing devices changing it is more intermingled with stuff the attacker doesn't want to touch.
Yes giving it more permissions helps, but if you integrate it in the firmware of something important it's harder to take away.
Edit:
Looked it up:
You've both, but the hardware TPM is probably the used one.
Bussiness laptop had TPM before consumer ones, because physical attacks are much more dangerous for owners of laptops who aren't also the user, such as businesses.
I assumed your laptop was new when you got it.
Last edited by LoudTechie on 23 May 2024 at 7:08 pm UTC
Quoting: wvstolzing... so I take it that plaintext indexing & search already works flawlessly on windows, that they're now expanding their horizons to indexing images, & user actions and the like?
... and that the promised indices won't take up half of the user's boot drive, and perpetually occupy half of their cpu & ram? (which of course they won't because all the processing and storage will be 'in the cloud')
Actually they promised to keep it local(for now), so I hope you've a really large drive, because it'll contain a video of its entire existence.
Edit:
Also they promised to keep it encrypted, so it will take up even more space than a normal video of it existence.
Last edited by LoudTechie on 23 May 2024 at 6:40 pm UTC
Quoting: LoudTechieQuoting: LoftyQuoting: EikeQuoting: LoftyQuoteI'm not even what you may call a "privacy nut".
Although this is a common turn of phrase. It's time we removed the association of conspiracy theorist with a human right to privacy.
I agree.
Quoting: LoftyIn the early day's people were far more trusting of technology and saw it as largely altruistic and a benefit to society (which with opensource it still can be) but invariably the usual shadowy forces do their thing and here we are.
[bolding by me]
... but this does sound... conspirational.
Maybe they aren't out in public stood on a box selling you data viewable on a large screen but im perfectly happy to identify groups tucked away in some monolithic corporate box connected to a vast data center sharing deeply personal information about you or your loved ones to the highest bidder as shadowy forces.
To me that is the usual shadowy forces. i couldn't think of a better phrase as my "tin foil" hat is blocking the connection to my neural-link Ai brain feed.
if you cant think of a better turn of phrase then let me know.
Shadowy implies lack of transparency, which has really improved over the years.
The term forces dehumanizes them.
The "shadowy forces" call themselves "data brokers".
I would call them "privacy salesmen/salespeople(reliant on who I'm talking to)".
That having said. I'm not opposed to the term "privacy nut".
I've no issue with being the crazy one and it does get the point across.
Quoting: LoudTechieAha, but to do business in Europe it still has to report who it sells and provides, which data to and to keep it a little scalable they will try to keep these pieces of information the same for europe and the rest of the globe(especially the first time they had to publish this, because making a special "europe" exception takes time) and the same is true for California.Quoting: LoftyQuoting: EikeQuoting: LoftyQuoteI'm not even what you may call a "privacy nut".
Although this is a common turn of phrase. It's time we removed the association of conspiracy theorist with a human right to privacy.
I agree.
Quoting: LoftyIn the early day's people were far more trusting of technology and saw it as largely altruistic and a benefit to society (which with opensource it still can be) but invariably the usual shadowy forces do their thing and here we are.
[bolding by me]
... but this does sound... conspirational.
Maybe they aren't out in public stood on a box selling you data viewable on a large screen but im perfectly happy to identify groups tucked away in some monolithic corporate box connected to a vast data center sharing deeply personal information about you or your loved ones to the highest bidder as shadowy forces.
To me that is the usual shadowy forces. i couldn't think of a better phrase as my "tin foil" hat is blocking the connection to my neural-link Ai brain feed.
if you cant think of a better turn of phrase then let me know.
QuoteShadowy implies lack of transparency, which has really improved over the years.
Has it ? I mean i know there are laws around data protection such as GDPR. At least from a European perspective i could mostly agree. But Microsoft is an American company.
Also thanks to the Snowden leaks the USA government more often publishes(often due to court cases) on the subject. Also there are nowadays more external monitoring methods.
Also the EU thanks to Snowden leaks once in a while get forced to publish parts of its own espionage through court cases.
Quoting: LoftyOkay here you're just right, my excuses for the mistake.QuoteThe term forces dehumanizes them.
Forces implies a large gathering of people committed to the same objective. Are we 'dehumanizing' an invading army by calling them a 'force' ?
Quoting: Lofty[quote=Lofty]QuoteThe "shadowy forces" call themselves "data brokers".
I would call them "privacy salesmen/salespeople(reliant on who I'm talking to)".
'privacy salesmen' should not even be a thing,i would call them immoral shysters. It should not be a job to sell people's private information without consent at the level proposed here.
Well yeah that's why I prefer the term. It gets the point across without sounding like an accusation of conspiracy beyond normal business transactions.
Quoting: LoftyQuoteThat having said. I'm not opposed to the term "privacy nut".
I've no issue with being the crazy one and it does get the point across.
So long as it's not used to dehumanize people who care about privacy or minimize the risks involved, hushing people into silence.
Meh, many badges of honor in the past began as a way to dismiss owning up to it is often more effective. The term jesuit was meant to call them traitors, Cavalier was at first meant as an insult, Anarchist started as an insult it, conservative started as an insult.
Last edited by LoudTechie on 23 May 2024 at 6:43 pm UTC
Philadelphus May 23
It's worth noting that not even Windows users are particularly enthused at the idea, as in this article on PCGamer.
Quoting: LoftyAre we 'dehumanizing' an invading army by calling them a 'force' ?Yes. We call them "enemy forces," not "enemy people." An important facet of war is finding ways to dehumanize the people you're fighting so you/your soldiers don't feel so bad about killing them.
Quoting: PhiladelphusIt's worth noting that not even Windows users are particularly enthused at the idea, as in this article on PCGamer.I'll be amazed if many will put their money where their mouth is and walk away. It's only gotten as bad as it is now because they never take action about their complaints.
Last edited by tohur on 23 May 2024 at 9:15 pm UTC
Patreon
PayPal
See more from me